Security

OpenTech Support is committed to protecting client systems, service availability, and the confidentiality and integrity of operational data. Security is built into how we design, deploy, and support our services.

1. Security Practices

Our security practices may include:

• least-privilege access management,
• multi-factor authentication,
• logging and monitoring,
• network and endpoint security controls,
• encryption in transit where supported,
• patching, maintenance, and vulnerability management,
• backup and recovery procedures,
• administrative controls for sensitive access.

2. Shared Responsibility

Security is a shared responsibility. Clients remain responsible for user behavior, approval of business decisions, password hygiene, prompt incident reporting, and maintaining systems or licenses outside the scope of contracted services.

3. Responsible Disclosure

If you believe you have discovered a security vulnerability affecting OpenTech systems, we encourage responsible disclosure.

Please include, where possible:

• a clear description of the issue,
• affected URL, system, or page,
• steps to reproduce,
• proof-of-concept details that minimize risk,
• your contact information for follow-up.

4. Testing Restrictions

Do not perform destructive testing, data exfiltration, denial of service, social engineering, or unauthorized account access. Security research must remain lawful, limited, and respectful of service continuity and data protection.

5. No Bounty Program Unless Announced

Unless OpenTech explicitly publishes a vulnerability reward or bounty program, no payment or reward is promised for vulnerability submissions.

6. Incident Reporting

To report a suspected security issue, vulnerability, or abuse involving OpenTech infrastructure or services, contact:

Security: [email protected]
Abuse: [email protected]